Rep. Eshoo: Cybersecurity requires clear reporting methods

Still missing from the federal government's cybersecurity efforts is a simple, effective mechanism for private firms to report breaches of their systems, Rep. Anna Eshoo (D-Calif.) said Thursday.

For the most part, private firms fear that a coterie of agencies and regulators would inundate them with burdensome cybersecurity reporting and response requirements if they knew of every attack, so they typically refrain from sharing information with the government, the congresswoman said.

However, Eshoo stressed lawmakers should ultimately "streamline the process" and reduce the "maze" of rules and procedures that keep business leaders somewhat silent on cyberattacks. She also called on the intelligence community to share more with the private community, too, rather than hiding most of it behind a "wall" of classified labels.

"If we're going to ask industry to report cybersecurity incidents to the government, we need to establish a really clear process to do so," she said at the Computer & Communications Industry Association's annual Washington Caucus.

That system, she added, has to create "an atmosphere where information sharing is not only safe but it's encouraged."

Congressional lawmakers have honed in on cybersecurity in recent months, after a series of high-profile cyberattacks targeted U.S. businesses, including Google. At least six bills on the matter are still pending action in Congress, including a comprehensive cybersecurity bill piloted by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine).

---